Quiz 4

Question 1

Securing a traditional scene is accomplished by (choose all that apply)

Answer 1

stringing crime tape.

posting guards.

asking people to leave.

Question 2

Books and manuals can give investigators clues as to the skill level of the target but not what kind of technology they may be up against. True or False?

Answer 2

False

Question 3

Cellphones are vulnerable because (choose all that apply)

Answer 3

they may be wiped by the cell provider.

the battery may drain.

Question 4

The correct order of volatility (from most volatile to least volatile)

Answer 4

registers, memory, archival media.

Question 5

Under certain legal requirements, your notes could become discoverable and made available to the opposing side. This can happen if you take your notes with you to the witness stand. True or False?

Answer 5

True

Question 6

A bit for bit copy of a hard drive is known as a (choose all that apply)

Answer 6

forensic clone.

bit stream image.

Question 7

Copying and pasting gets the active data - that is, data that are accessible to the user as well as deleted files. True or False?

Answer 7

False

Question 8

Exigent circumstances may provide rationale for conducting your examination on the original digital evidence. True or False?

Answer 8

True

Question 9

The suspect’s drive is known as the destination drive and the drive the investigator is cloning to is called the source drive because it is the source of the analysis. True or False?

Answer 9

False

Question 10

“The process of identifying, preserving, collecting, preparing, reviewing, and producing ESI in the context of the legal process” is the definition of

Answer 10

discovery

Question 11

​What does FRE stand for?

Answer 11

​Federal Rules of Evidence

Question 12

What should you do while copying data on a suspect’s computer that is still live?​

Answer 12

​Make notes regarding everything you do.

Question 13

To investigate employees suspected of improper use of company digital assets, a company policy statement about misuse of digital assets allows corporate investigators to conduct covert surveillance with little or no cause, and access company computer systems and digital devices without a warrant.​ True or False?

Answer 13

True

Question 14

If practical, _______ team(s) should collect and catalog digital evidence at a crime scene or lab.

Answer 14

one

Question 15

_______ does not recover data in free or slack space.

Answer 15

​Sparse acquisition

Question 16

Which system below can be used to quickly and accurately match fingerprints in a database?​

Answer 16

​Automated Fingerprint Identification System (AFIS)

Question 17

_______ is the term for a statement that is made by someone other than an actual witness to the event while testifying at a hearing.

Answer 17

Hearsay

Question 18

​As a general rule, what should be done by forensics experts when a suspect computer is seized in a powered-on state?

Answer 18

​The decision should be left to the Digital Evidence First Responder (DEFR).

Question 19

Which court case established that it is not necessary for computer programmers to testify in order to authenticate computer-generated records?​

Answer 19

​United States v. Salgado

Question 20

In cases that involve dangerous settings, what kind of team should be used to recover evidence from the scene?​

Answer 20

HAZMAT